SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   iPhoto Vendors:   Apple Computer
iPhoto Photocast Format String Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019307
SecurityTracker URL:  http://securitytracker.com/id/1019307
CVE Reference:   CVE-2008-0043   (Links to External Site)
Date:  Feb 5 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.1
Description:   A vulnerability was reported in iPhoto. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted photocast that, when accessed by the target user, will trigger a format string flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Nathan McFeters of Ernst & Young's Advanced Security Center reported this vulnerability.

Impact:   A remote user can create a photocast that, when accessed by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (7.1.2), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The download file is named: "iPhoto_712.dmg"
Its SHA-1 digest is: d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=307398

Vendor URL:  docs.info.apple.com/article.html?artnum=307398 (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:   UNIX (OS X)

Message History:   None.


 Source Message Contents

Date:  Tue, 5 Feb 2008 13:40:36 -0800
Subject:  APPLE-SA-2008-02-05 iPhoto 7.1.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-02-05 iPhoto 7.1.2

iPhoto 7.1.2 is now available and addresses the following issue:

CVE-ID:  CVE-2008-0043
Available for:  iPhoto '08 7.1
Impact:  Subscribing to a maliciously-crafted photocast may lead to
arbitrary code execution
Description:  A format string vulnerability exists in iPhoto. By
enticing a user to subscribe to a maliciously-crafted photocast, a
remote attacker may cause arbitrary code execution. This update
addresses the issue through improved handling of format strings when
processing photocast subscriptions. Credit to Nathan McFeters of
Ernst & Young's Advanced Security Center for reporting this issue.

iPhoto 7.1.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named:  "iPhoto_712.dmg"
Its SHA-1 digest is:  d7ea54d2ecc4362b97aec563ffa2cb2d3e700bda

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.0.1012

wsBVAwUBR6jXdMgAoqu4Rp5tAQhOygf9EZkLab28RRdkLrL1cbuWzjbW5tA2E6P+
Wf8SAFxVgwx0jlutijc8oPMa7rzVY6aXUsu2sRd/NpegFSH3FkalYmZufzHdx4NK
r/vWLblS/2pJ4DwBcf3kh09inN4EyC7gYx1kiGUEnWVeRD1XX5TdiRuDcW1JO9D5
mGGMMLMY8S+RtnHB/3TxQADpE8aAo5m8R0JSlHeFJQnrvEH2XkDOEuiZJCaNJV9c
VNKAyPW4H0b89nFWaECPhtZ3vUe+6tmBHx8lAPDRK2FwPJespkCo2UyQK+Jc7ND5
EKyaEWnQEfQoGAb5oT7YOE5wdvwZJJCRUdQUHDwB3qOLiZvICn9ZHA==
=42o5
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC